Half of companies have not set out a specific policy for workers’ online social networking activities, according to the report from two professional groups, the Health Care Compliance Association and the Society of Corporate Compliance and Ethics.

Although many organizations lack social networking policies, one-quarter of the nearly 800 compliance and ethics professionals surveyed said their organization has had to discipline an employee for activities on Facebook, Twitter or LinkedIn.

Social networking sites pose risks such as employee disclosures of confidential information, exposure to computer viruses and postings that can damage a firm’s reputation. On the other hand, some experts say social networking can help firms in ways including viral marketing. And companies can discourage employees from positive social networking activities by the use of draconian policies, said Lisa Guerin, an employment lawyer and author of a book about workplace technologies.

“It seems like we’re trying to find out what the limits are in employer monitoring,” Guerin said.

The social networking field has exploded. Facebook, for example, now claims more than 350 million active users, up from some 150 million in January.

Half of Facebook’s active users log on to the site in any given day, and more than 35 million users update their status daily.

Companies, though, are in the dark about much of this activity, according to the September report from the professional groups. Mirroring the lack of a usage policy, roughly half the respondents reported that their companies do not have an active monitoring system for checking employee activity on social networking sites.

A related but less glamorous topic is the potential for leaks of sensitive data through e-mails. This can include intentional and inadvertent zapping of information such as customer or employee financial data.

More and more companies are trying to stop such leaks with sophisticated software, said Don Harris, president of consulting firm HR Privacy Solutions. These tools, known as data-loss protection applications, can flag suspect messages, such as ones with large attachments or particular key words, Harris said.

“It just makes so much sense,” he said of the applications. “You don’t want to be reacting to things you can prevent.”

Another factor is the economic down¬turn, during which employers have axed many workers. Companies have to be wary of sabotage by disgruntled ex-workers or the prospect of former employees providing intellectual property to competitors.

Employers are taking increased steps to protect their data, said employment attorney Arnie Pedowitz. But they can go too far in their monitoring, he said, by improperly getting passwords to employees’ personal Gmail or Yahoo e-mail accounts and snooping in them.

He recommends that companies set clear policies on Internet use and employee privacy.

Guerin agrees that policies are needed in an era when so much intellectual property is in electronic form. But she argues that the intersection of data protection, employee freedoms and social media is a gray one.

“These are new areas for everyone,” Guerin said.

—Ed Frauenheim

Stay informed and connected. Get human resources news and HR features via Workforce Management's Twitter feed or RSS feeds for mobile devices and news readers.